It also keeps track of changes to files with certain extensions, in order to provide diff-based backups.

Since most malware persists on disk, with a registry key to make itself start on boot, a system restore should disable most malware. It most likely will not remove the malware from the disk, though. Other persistence mechanisms, such as code injection, will allow the malware to persist beyond a system restore.